Amazon Simple Storage Servie: Base64-Encoding and Signature Generation Help
October 11, 2008 6:00 PM   Subscribe

In working through a tutorial for Amazon's Simple Storage Service, I'm stuck on two steps. The first step is to base64-encode my policy file... and the second step is to generate a signature value (SHA-1 HMAC) with my Amazon Secret Access key as a password. Am I going about it correctly?

I'm a Flash designer, whose primary focus has been Actionscript. I've been trying to find/follow as many tutorials/docs as I can, but I just keep hitting my head against a wall (and have been, for days now).

I feel that I more or less have the pieces individually, I just don't know how they fit together.

The tutorial I'm walking through is here.

The two main steps I'm having problems with center around these instructions:

1) Base64-encode the policy document, and include it in the form’s policy input field.
2) Calculate a signature value (SHA-1 HMAC) from the encoded policy document using your AWS Secret Key credential as a password. Include this value in the form’s signature input field after Base64-encoding it.

Regarding Base64-encoding
----------------------------
I've just taken my policy file and plugged it in over here:
http://motobit.com/util/base64-decoder-encoder.asp

I get a string back that's encoded. I *think* this is what I'm supposed to do, but I guess this is one of my questions. Is this the right approach? Should I be encoding my policy file in a different manner?


Regarding the Signature
----------------------------
Here's where I'm at a loss. Signature value? SHA-1 HMAC? Totally over my head.

I found an HMAC Calculator here:
http://slavasoft.com/hashcalc/index.htm

Based on this screenshot, I'm curious to know whether I'm taking the right steps.

Basically, I plugged in the Base64-encoded policy file (from Step 1) in the Data field. Then, I checked the HMAC box and entered in my AWS Secret Key as my Key. Then... I selected the SHA1 box, and copied that output. And finally (per the instructions in Step 2), I Base64-encoded that result.


My Questions
----------------------------
1) Am I taking the right steps here? I think I am, but my test HTML form hasn't quite worked out yet. I'll keep testing, but I wanted to check in as I've never really done any encoding or signature creation.

2) Is there some better way to create the signature? I don't know if that HMAC Calculator is the best approach, or if there's a Mac-centric way to go about it (I'm on a Mac, but have access to Parallels).

I've seen a few examples of code for Java/Python/etc... but honestly, I'm not sure what to do what all that. I'm not adverse to learning... I just don't know what to do next. All I'm after is properly generating a signature value, and if I need to learn how to go about it via Java/Python/etc, so be it. I'm just at a loss as to where to go next.

---------
If you've made it this far, thanks for reading through. I'm working on the storage end of a personal project, and hitting this code/authentication wall has really taken the wind out of my sails. I'm excited that I'm about 90% done and able to launch it to the world... save this Amazon S3 portion of things.

I've spent many hours going over Amazon's pages, posted a question on the S3 forum, and spent a lot of time refreshing the page there to see if anyone's responded. At this point, any suggestions/advice/directions would be better than my current feeling of treading water.

Sorry - little bit of venting there. Seriously, any and all advice greatly appreciated!
posted by avoision to Computers & Internet (3 answers total) 1 user marked this as a favorite
 
Since you're on a Mac, you have Perl, so you should be able to do:

perl -mDigest::HMAC_SHA1 -mMIME::Base64=encode_base64 -e 'print encode_base64(Digest::HMAC_SHA1->new("YOUR_AWS_KEY")->add(encode_base64(<>))->digest)' policy.txt
posted by nicwolff at 6:37 PM on October 11, 2008


Thanks, nicwolff! I'm not familiar with perl, and wasn't able to get your code to work (got some odd error). But at least I'm pointed in a good direction, so I'm off to go do some more digging.

I was able to successfully base64-encode a string, so that's a start at least. Again, thanks for the advice!
posted by avoision at 9:33 AM on October 12, 2008


FWIW, though I started to explore using Perl... I ended up finding this PHP-based approach, which did the trick.

I can't tell you how good I feel right now. After banging my head for so long, I can actually move forward again. Thanks again nicwolff, for your advice/thoughts.
posted by avoision at 11:24 AM on October 12, 2008


« Older Where's a good logic puzzle discussion forum?   |   Ph.D. in Stressology Newer »
This thread is closed to new comments.